What is interesting is that if I go to the marketplace there are apps like Smart App protector that claim to do the sort of things that I wanted to do. https://play.google.com/store/apps/details?id=com.sp.protector.free&hl=en That is why I think I might have not considered all the ways you could go about building an App that is used to password lock other apps.
On Tuesday, November 27, 2012 4:54:57 PM UTC-5, Kristopher Micinski wrote: > > You can look up the discussions on the READ_LOGS permission in either > Android devleopers (someone posted a set of them on android-security a few > hours ago), though my opinions are fairly clear: apps should not be able to > have "system level" power. > > The package manager sours would be an instructive read, I think someone > gave a link to documentation (perhaps Dianne) a while back, I'll check. > > kris > > > On Tue, Nov 27, 2012 at 3:03 PM, Igor Cavallera > <[email protected]<javascript:> > > wrote: > >> I want to understand Android security better, and this is mostly a >> learning experience, so the App does not need to be completely full proof. >> What about modifying a Launcher like ADW to prompt the user for a >> password before you launch an App? Wouldn't this work? The one issue that I >> can think about is that if a user is for instance in the google maps app, >> and then he clicks on an email, the gmail App will be launched without >> asking for the users' password. And of course the Launcher App could also >> be uninstalled if the user restarts the phone in safe mode. Also is there a >> way force the user to input a password in order to uninstall an App? >> I might actually modify the system in order to support this kind of >> thing. Can you guys point me to good resources for me to learn about >> the Android package manager? Also are there any other major components that >> I would have to change to make this possible (the reference monitor maybe?)? >> >> Also, if there are any good discussion threads about this I would really >> appreciate if you could send me the links to those. >> >> >> On Tuesday, November 27, 2012 2:29:49 PM UTC-5, Kristopher Micinski wrote: >> >>> There was a long discussion on android-developers as to the removal of >>> this view logs permission, by the way, that brings up the points germane to >>> the consequences of this. >>> >>> kris >>> >>> >>> On Tue, Nov 27, 2012 at 2:28 PM, Kristopher Micinski < >>> [email protected]> wrote: >>> >>>> Still, you could defeat these apps by simply restarting the phone in >>>> "safe mode" and uninstalling the app, making this type of app essentially >>>> useless unless you included it in firmware. >>>> >>>> kris >>>> >>>> >>>> On Tue, Nov 27, 2012 at 2:15 PM, Michael <[email protected]> wrote: >>>> >>>>> It used to be possible if an application can view logs of the >>>>> ActivityManager. >>>>> >>>>> Starting from JB, viewing other app's logs is a SystemOrSignature >>>>> permission. Therefore unless your application gets installed on the >>>>> device >>>>> prior to the update, the application can only view its own logs. >>>>> >>>>> On Stock device - no viewing logs. However, there are workarounds >>>>> that you can perform such as one that constantly checks with the >>>>> Framework >>>>> to see which app is on top. I'm not to say whether these workaround is >>>>> good or not because it entirely depends on what you are trying to >>>>> achieve. >>>>> All I can say is that these are fully documented methods - use your >>>>> discretion. >>>>> >>>>> >>>>> >>>>> >>>>> On Tuesday, 27 November 2012 13:34:00 UTC-5, Kristopher Micinski wrote: >>>>> >>>>>> This will not be possible on stock hardware, because you basically >>>>>> can't "intercept" other intents with a standard app. Proxying intents >>>>>> is >>>>>> possible if you modify the system, but the ability to do this on stock >>>>>> firmware would be a security hole in itself. >>>>>> >>>>>> The place you would want to look --- should you want to modify the >>>>>> system to support this --- is the Android package manager that handles >>>>>> the >>>>>> mediation of intents through the system. >>>>>> >>>>>> Kris >>>>>> >>>>>> >>>>>> On Fri, Nov 23, 2012 at 12:05 AM, Igor Cavallera <[email protected] >>>>>> > wrote: >>>>>> >>>>>>> Hey guys, >>>>>>> >>>>>>> Is it possible to create an App that would monitor which Apps are >>>>>>> launched so that it would prompt the user for a password before >>>>>>> launching a >>>>>>> possibly sensitive App (say Gmail)? But would not ask the user for his >>>>>>> password for an App like the Weather App? I was thinking about >>>>>>> intercepting >>>>>>> onStart and onResume intents in order to do this, but I am not sure if >>>>>>> this >>>>>>> is possible. >>>>>>> By the way, I am a high student trying to learn android development >>>>>>> and I was thinking of developing a simple App that did this (as a >>>>>>> learning >>>>>>> experience). >>>>>>> >>>>>>> Thank You very much for the help. >>>>>>> >>>>>>> Igor >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Android Security Discussions" group. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/**ms**g/android-security-discuss/-**/** >>>>>>> SJ1OWS-15wMJ<https://groups.google.com/d/msg/android-security-discuss/-/SJ1OWS-15wMJ> >>>>>>> . >>>>>>> To post to this group, send email to android-secu...@** >>>>>>> googlegroups.**com. >>>>>>> >>>>>>> To unsubscribe from this group, send email to >>>>>>> android-security-discuss+**unsub**[email protected]. >>>>>>> For more options, visit this group at http://groups.google.com/** >>>>>>> group**/android-security-**discuss?hl=**en<http://groups.google.com/group/android-security-discuss?hl=en> >>>>>>> . >>>>>>> >>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Android Security Discussions" group. >>>>> To view this discussion on the web visit https://groups.google.com/d/* >>>>> *msg/android-security-discuss/-**/I5l3rNF9uqUJ<https://groups.google.com/d/msg/android-security-discuss/-/I5l3rNF9uqUJ> >>>>> . >>>>> >>>>> To post to this group, send email to android-secu...@** >>>>> googlegroups.com. >>>>> To unsubscribe from this group, send email to >>>>> android-security-discuss+**[email protected]. >>>>> For more options, visit this group at http://groups.google.com/** >>>>> group/android-security-**discuss?hl=en<http://groups.google.com/group/android-security-discuss?hl=en> >>>>> . >>>>> >>>> >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/android-security-discuss/-/xXFG57oTQugJ. >> >> To post to this group, send email to >> [email protected]<javascript:> >> . >> To unsubscribe from this group, send email to >> [email protected] <javascript:>. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/6h6OQVZq5T4J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
